adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
48,445 Commits 27 Branches 1,043 Tags
64d53cd882ef3fce14927bb431cfd0945cd46bb6
Commit Graph

11733 Commits

Author SHA1 Message Date
bwatters-r7 64d53cd882 code cleanup 2018-10-02 14:06:25 -05:00
William Vu 1d091408f7 Make msftidy happy 2018-09-18 20:00:08 -05:00
William Vu 6a63feced4 Merge remote-tracking branch 'upstream/master' into pr/10418 2018-09-18 19:54:44 -05:00
Brent Cook 6126a627cc Land #10570, AKA Metadata Refactor 2018-09-17 22:29:20 -05:00
Brent Cook a814899dc2 Land #10660, deregister RHOSTS as well as RHOST 2018-09-17 22:26:37 -05:00
Brent Cook 1aabf8d83f deregister RHOSTS as well 2018-09-17 22:26:16 -05:00
h00die 5089c19453 Land #10620 Solaris 10 LPE for libnspr 2018-09-17 18:10:16 -04:00
Erin Bleiweiss 011c25ed59 Merge changes from master (ghostscript) 2018-09-17 13:57:28 -05:00
Brendan Coles 83039781de Background payload execution 2018-09-17 08:42:04 +00:00
Brendan Coles c8906f8772 Add check for Solaris system patch revision 2018-09-17 08:32:52 +00:00
William Vu 4c036e70c1 Fix http://seclists.org links to https:// 
I have no idea how this happened in my own code. I was seeing https://.
 2018-09-15 18:54:45 -05:00
Brendan Coles 1f4a1a388e Update gcc path 2018-09-15 18:16:03 +00:00
bwatters-r7 2fbbf88ea9 Land #10560, ms17_010_eternalblue: use SMBDomain value when provided 
instead of ignoring it

Merge branch 'land-10560' into upstream-master
 2018-09-13 10:08:54 -05:00
Brendan Coles a8c459db18 Update description with correct patched release 2018-09-13 08:22:13 +00:00
Brendan Coles 0db1c34c40 Add check for Solaris system patches 2018-09-12 07:36:54 +00:00
Brendan Coles e75b5592f7 Add ForceExploit option 2018-09-11 09:23:50 +00:00
Brendan Coles 1582dacb0e Check WritableDir is writable 2018-09-11 09:06:15 +00:00
Brendan Coles d658ccf653 Add Solaris libnspr NSPR_LOG_FILE Privilege Escalation module 2018-09-11 08:11:11 +00:00
Wei Chen 718aaca0f4 Land #10546, Add Apache Struts exploit: CVE-2018-11776 2018-09-07 14:54:23 -05:00
Wei Chen bd50e00ccc Make some small changes: 
Changes made:

* DisclosureDate
* Privileged to false
* Remove gsub for ';'
* Set cmd/unix/generic as the default payload for ARCH_CMD (linux)
 2018-09-07 14:48:33 -05:00
William Vu b3cd4a89ad Move CVE ref to top as per ~standard~ 2018-09-07 14:33:25 -05:00
Adam Cammack 68ca771764 Add CVE reference to ghostscript_failed_restore.rb 2018-09-07 14:24:15 -05:00
asoto-r7 99ca6cef49 Quote-block cleanup and improved error handling 2018-09-07 11:43:04 -05:00
asoto-r7 3671f8f6b0 Handling for Tomcat namespace issues, 'allowStaticMethodAccess' settings, and payload output 
Depending on the configuration of the Tomcat server, `allowStaticMethodAccess` may already be set.  We now try to detect this as part of `profile_target`.  But that check might fail.  If so, we'll try our best and let the user control whether we prepend OGNL to enable `allowStaticMethodAccess` via the 'ENABLE_OGNL' option.

Additionally, sometimes enabling `allowStaticMethodAccess` will cause the OGNL query to fail.

Additionally additionally, some Tomcat configurations won't provide output from the payload.  We'll detect that the payload ran successfully, but tell the user there was no output.
 2018-09-06 17:56:42 -05:00
asoto-r7 7eb06b4592 Address travis errors: Updated metadata and target OS logic 2018-09-06 12:43:56 -05:00
asoto-r7 cb16f812ec struts2_namespace_ognl updates from code review 
Thanks to @wvu, @firefart, and @wchen!
 2018-09-06 11:50:57 -05:00
Wei Chen d23b252393 Land #10592, support ERB for foxit_reader_uaf.rb 2018-09-05 21:48:52 -05:00
Wei Chen 254e8b9fd0 Cleanup for foxit_reader_uaf 2018-09-05 21:47:57 -05:00
William Vu 243267b2f5 Add Linux dropper target 2018-09-05 19:57:12 -05:00
William Vu 61044e8bca Refactor targets to align with current style 2018-09-05 19:56:32 -05:00
William Vu 692ddc8b8b Eschew updating imagemagick_delegate 
The hype is over, and the target was provided as a bonus. Now update the
module language to reflect that.
 2018-09-05 19:56:32 -05:00
William Vu 1491f13bd5 Add Ghostscript failed restore exploit 2018-09-05 19:56:32 -05:00
William Vu 13ff71b879 Clean up previous modules 
Missed in 35670713ff.
 2018-09-05 19:56:32 -05:00
Shelby Pace 55bf6e5dd4 removed require in erb file 2018-09-05 18:09:29 -05:00
Shelby Pace 6a3a4de289 included path to erb, removed multiline pdf string 2018-09-05 14:09:10 -05:00
Erin Bleiweiss e243ce9eee Update AKA for ghostscript_type_confusion 2018-08-31 16:56:35 -05:00
Erin Bleiweiss 5092d561f9 Update AKA values for ms17_010_psexec 2018-08-31 16:56:28 -05:00
Erin Bleiweiss 69a785ff46 Update json for python modules 2018-08-31 16:56:22 -05:00
Erin Bleiweiss eb17d9b198 Refactor AKA references for modules 2018-08-31 16:56:05 -05:00
asoto-r7 8fe8bf62e3 Renamed to match existing struts2_content_type_ognl and improved comments 2018-08-31 13:48:22 -05:00
asoto-r7 35022d8332 Added payload upload+execution and OGNL-specific URI encoding 2018-08-31 13:39:42 -05:00
William Vu 7c7f63df45 Fix missing normalize_uri in struts2_rest_xstream 
I missed this one previously. May not be necessary but nice to have.
 2018-08-30 15:56:43 -05:00
Shelby Pace 6ec8522786 Land #10482, Add Network Manager VPNC Privesc 2018-08-30 10:46:54 -05:00
Jacob Robles 9d3e1c1942 Land #10540, weblogic_deserialize, add check method and linux target 2018-08-30 06:08:03 -05:00
Jacob Robles 953bafc7e7 Land #10545, foxit fix generated strings, update doc 2018-08-30 05:55:44 -05:00
Austin 0887236f5e Fix spaces issue 2018-08-29 19:28:48 -04:00
Clément Notin d489cd7248 ms17_010_eternalblue: use SMBDomain value when provided instead of ignoring it 2018-08-29 23:53:58 +02:00
Jacob Robles 3161beff69 Prefer opt hash 2018-08-29 14:56:31 -05:00
Adam Cammack a57e5ac5c0 Land #10594, Remove trailing space from CVE number 2018-08-29 14:31:21 -05:00
Jacob Robles bc4442694e Fix Windows target options, remove comspec 2018-08-29 14:23:00 -05:00